-------------------------------------------------------------------------
Debian LTS Advisory DLA-2841-1                          [email protected]
https://www.debian.org/lts/security/                         Chris Lamb
December 06, 2021                           https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : runc
Version        : 0.1.1+dfsg1-2+deb9u3
CVE ID         : CVE-2021-43784

It was discovered that there was an overflow issue in runc, the runtime
for the Open Container Project, often used with Docker.

The Netlink 'bytemsg' length field could have allowed an attacker to
override Netlink-based container configurations. This vulnerability
required the attacker to have some control over the configuration of the
container, but would have allowed the attacker to bypass the namespace
restrictions of the container by simply adding their own Netlink payload
which disables all namespaces.

For Debian 9 "Stretch", this problem has been fixed in version
0.1.1+dfsg1-2+deb9u3.

We recommend that you upgrade your runc packages.

For the detailed security status of runc please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/runc

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
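
The class of bug described above, shown as an added example (not runc's code and not part of the advisory): a Netlink attribute header carries its length in 16 bits, so an encoder that does not bound the payload writes a wrapped length, and the fix is to reject the payload before serializing. The function names, the attribute type value, the little-endian byte order and the reading of the "overflow" as a wrap of that 16-bit field are assumptions of this sketch.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"math"
)

const hdrLen = 4 // struct nlattr: 16-bit nla_len followed by 16-bit nla_type

// ErrTooLong is returned when the attribute cannot be described by nla_len.
var ErrTooLong = errors.New("netlink attribute exceeds 16-bit length field")

// align4 rounds n up to the 4-byte boundary Netlink attributes are padded to.
func align4(n int) int { return (n + 3) &^ 3 }

// encodeUnchecked (hypothetical) shows the flaw: the total length is
// truncated to 16 bits, so anything past 65535 bytes wraps silently.
// Little-endian is assumed here; real Netlink uses host byte order.
func encodeUnchecked(typ uint16, value []byte) []byte {
	l := hdrLen + len(value)
	buf := make([]byte, align4(l))
	binary.LittleEndian.PutUint16(buf[0:2], uint16(l)) // wraps when l > 65535
	binary.LittleEndian.PutUint16(buf[2:4], typ)
	copy(buf[hdrLen:], value)
	return buf
}

// encodeChecked (hypothetical) refuses attributes whose length cannot be
// represented, so header and bytes on the wire always agree.
func encodeChecked(typ uint16, value []byte) ([]byte, error) {
	if hdrLen+len(value) > math.MaxUint16 {
		return nil, ErrTooLong
	}
	return encodeUnchecked(typ, value), nil
}

// declaredLen is the length a receiver reads to locate the next attribute.
func declaredLen(attr []byte) int {
	return int(binary.LittleEndian.Uint16(attr[0:2]))
}

func main() {
	big := make([]byte, math.MaxUint16+1) // constructed sample: 65536 zero bytes
	raw := encodeUnchecked(0x1, big)      // 0x1 is a constructed attribute type
	fmt.Printf("bytes written=%d, length declared=%d\n", len(raw), declaredLen(raw))
	_, err := encodeChecked(0x1, big)
	fmt.Println("checked encoder:", err)
}
```

When the declared length is smaller than the bytes written, the receiver treats the remainder of the value as further attributes, which is why an oversized configuration value has to be rejected before it is serialized.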
